Skip to content

chore: add audit log tests #4764

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 10 commits into from
Oct 27, 2022
Merged

chore: add audit log tests #4764

Show file tree
Hide file tree
Changes from 6 commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
acf1ad3
added test for stopping a workspace build
Kira-Pilot Oct 24, 2022
2cd8b3a
Merge remote-tracking branch 'origin/main' into add-audit-coverage/ki…
Kira-Pilot Oct 26, 2022
c50db18
formatted sfriendly string; added tests
Kira-Pilot Oct 26, 2022
fdc94d8
logging unmarshal error in auditLogDescription
Kira-Pilot Oct 26, 2022
93aedaf
prettier
Kira-Pilot Oct 26, 2022
1a9936f
got rid of extra workspace word
Kira-Pilot Oct 26, 2022
3e4cb89
PR feedback
Kira-Pilot Oct 27, 2022
f669898
Merge remote-tracking branch 'origin/main' into add-audit-coverage/ki…
Kira-Pilot Oct 27, 2022
dc7e4a9
fixed mistake; wrote tests in penance
Kira-Pilot Oct 27, 2022
ac68b3c
fix be
Kira-Pilot Oct 27, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 17 additions & 10 deletions coderd/audit.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
package coderd

import (
"context"
"encoding/json"
"fmt"
"net"
Expand All @@ -13,6 +14,7 @@ import (
"github.com/google/uuid"
"github.com/tabbed/pqtype"

"cdr.dev/slog"
"github.com/coder/coder/coderd/database"
"github.com/coder/coder/coderd/httpapi"
"github.com/coder/coder/coderd/httpmw"
Expand Down Expand Up @@ -57,7 +59,7 @@ func (api *API) auditLogs(rw http.ResponseWriter, r *http.Request) {
}

httpapi.Write(ctx, rw, http.StatusOK, codersdk.AuditLogResponse{
AuditLogs: convertAuditLogs(dblogs),
AuditLogs: api.convertAuditLogs(ctx, dblogs),
})
}

Expand Down Expand Up @@ -165,17 +167,17 @@ func (api *API) generateFakeAuditLog(rw http.ResponseWriter, r *http.Request) {
rw.WriteHeader(http.StatusNoContent)
}

func convertAuditLogs(dblogs []database.GetAuditLogsOffsetRow) []codersdk.AuditLog {
func (api *API) convertAuditLogs(ctx context.Context, dblogs []database.GetAuditLogsOffsetRow) []codersdk.AuditLog {
alogs := make([]codersdk.AuditLog, 0, len(dblogs))

for _, dblog := range dblogs {
alogs = append(alogs, convertAuditLog(dblog))
alogs = append(alogs, api.convertAuditLog(ctx, dblog))
}

return alogs
}

func convertAuditLog(dblog database.GetAuditLogsOffsetRow) codersdk.AuditLog {
func (api *API) convertAuditLog(ctx context.Context, dblog database.GetAuditLogsOffsetRow) codersdk.AuditLog {
ip, _ := netip.AddrFromSlice(dblog.Ip.IPNet.IP)

diff := codersdk.AuditDiff{}
Expand Down Expand Up @@ -214,7 +216,7 @@ func convertAuditLog(dblog database.GetAuditLogsOffsetRow) codersdk.AuditLog {
Diff: diff,
StatusCode: dblog.StatusCode,
AdditionalFields: dblog.AdditionalFields,
Description: auditLogDescription(dblog),
Description: api.auditLogDescription(ctx, dblog),
User: user,
}
}
Expand All @@ -223,25 +225,30 @@ type WorkspaceResourceInfo struct {
WorkspaceName string
}

func auditLogDescription(alog database.GetAuditLogsOffsetRow) string {
func (api *API) auditLogDescription(ctx context.Context, alog database.GetAuditLogsOffsetRow) string {
str := fmt.Sprintf("{user} %s %s",
codersdk.AuditAction(alog.Action).FriendlyString(),
codersdk.ResourceType(alog.ResourceType).FriendlyString(),
)

// Strings for build updates follow the below format:
// "{user} started workspace build for workspace {target}"
// "{user} started workspace build for {target}"
// where target is a workspace instead of the workspace build
if alog.ResourceType == database.ResourceTypeWorkspaceBuild {
workspaceBytes := []byte(alog.AdditionalFields)
var workspaceResourceInfo WorkspaceResourceInfo
_ = json.Unmarshal(workspaceBytes, &workspaceResourceInfo)
str += " for workspace " + workspaceResourceInfo.WorkspaceName
err := json.Unmarshal(workspaceBytes, &workspaceResourceInfo)
if err != nil {
api.Logger.Error(ctx, "could not unmarshal workspace name for friendly string", slog.Error(err))
}
str += " for " + workspaceResourceInfo.WorkspaceName
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What do you think about doing:

Suggested change
workspaceBytes := []byte(alog.AdditionalFields)
var workspaceResourceInfo WorkspaceResourceInfo
_ = json.Unmarshal(workspaceBytes, &workspaceResourceInfo)
str += " for workspace " + workspaceResourceInfo.WorkspaceName
err := json.Unmarshal(workspaceBytes, &workspaceResourceInfo)
if err != nil {
api.Logger.Error(ctx, "could not unmarshal workspace name for friendly string", slog.Error(err))
}
str += " for " + workspaceResourceInfo.WorkspaceName
str += " for {target}"

Then the frontend can replace("{target}", auditLog.additional_fields.workspaceName) which lets the backend put the target wherever it wants if we want to change up this string in the future (rather than requiring it be the last item).

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

much simpler; lets me remove the logger, too.

Copy link
Member

@code-asher code-asher Oct 27, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lets me remove the logger

good point!!

}

// We don't display the name for git ssh keys. It's fairly long and doesn't
// make too much sense to display.
if alog.ResourceType != database.ResourceTypeGitSshKey {

// The UI-visible target for workspace builds is workspace (see above block) so we don't add it to the friendly string
if alog.ResourceType != database.ResourceTypeGitSshKey && alog.ResourceType != database.ResourceTypeWorkspaceBuild {
str += " {target}"
}

Expand Down
2 changes: 1 addition & 1 deletion coderd/audit/request.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ func ResourceTarget[T Auditable](tgt T) string {
return typed.Name
case database.WorkspaceBuild:
// this isn't used
return string(typed.BuildNumber)
return ""
case database.GitSSHKey:
return typed.PublicKey
case database.Group:
Expand Down
23 changes: 21 additions & 2 deletions coderd/workspacebuilds_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -536,13 +536,20 @@ func TestWorkspaceBuildStatus(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
defer cancel()
auditor := audit.NewMock()
numLogs := len(auditor.AuditLogs)
client, closeDaemon, api := coderdtest.NewWithAPI(t, &coderdtest.Options{IncludeProvisionerDaemon: true, Auditor: auditor})
user := coderdtest.CreateFirstUser(t, client)
numLogs++ // add an audit log for user
version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, nil)
numLogs++ // add an audit log for template version

coderdtest.AwaitTemplateVersionJob(t, client, version.ID)
closeDaemon.Close()
template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID)
numLogs++ // add an audit log for template creation

workspace := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID)
numLogs++ // add an audit log for workspace creation

// initial returned state is "pending"
require.EqualValues(t, codersdk.WorkspaceStatusPending, workspace.LatestBuild.Status)
Expand All @@ -561,11 +568,22 @@ func TestWorkspaceBuildStatus(t *testing.T) {
require.NoError(t, err)
require.EqualValues(t, codersdk.WorkspaceStatusStopped, workspace.LatestBuild.Status)

// assert an audit log has been created for workspace stopping
numLogs++ // add an audit log for workspace_build stop
require.Len(t, auditor.AuditLogs, numLogs)
require.Equal(t, database.AuditActionStop, auditor.AuditLogs[numLogs-1].Action)

_ = closeDaemon.Close()
// after successful cancel is "canceled"
build = coderdtest.CreateWorkspaceBuild(t, client, workspace, database.WorkspaceTransitionStart)
err = client.CancelWorkspaceBuild(ctx, build.ID)
require.NoError(t, err)

numLogs++ // add an audit log for workspace build start
// assert an audit log has been created workspace starting
require.Len(t, auditor.AuditLogs, numLogs)
require.Equal(t, database.AuditActionStart, auditor.AuditLogs[numLogs-1].Action)

workspace, err = client.Workspace(ctx, workspace.ID)
require.NoError(t, err)
require.EqualValues(t, codersdk.WorkspaceStatusCanceled, workspace.LatestBuild.Status)
Expand All @@ -577,8 +595,9 @@ func TestWorkspaceBuildStatus(t *testing.T) {
workspace, err = client.DeletedWorkspace(ctx, workspace.ID)
require.NoError(t, err)
require.EqualValues(t, codersdk.WorkspaceStatusDeleted, workspace.LatestBuild.Status)
numLogs++ // add an audit log for workspace build deletion

// assert an audit log has been created for deletion
require.Len(t, auditor.AuditLogs, 7)
assert.Equal(t, database.AuditActionDelete, auditor.AuditLogs[6].Action)
require.Len(t, auditor.AuditLogs, numLogs)
require.Equal(t, database.AuditActionDelete, auditor.AuditLogs[numLogs-1].Action)
}
1 change: 1 addition & 0 deletions docs/admin/audit-logs.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ We track **create, update and delete** events for the following resources:
- Template
- TemplateVersion
- Workspace
- Workspace start/stop
- User
- Group

Expand Down
11 changes: 10 additions & 1 deletion site/src/components/AuditLogRow/AuditLogRow.stories.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,11 @@ import TableContainer from "@material-ui/core/TableContainer"
import TableHead from "@material-ui/core/TableHead"
import TableRow from "@material-ui/core/TableRow"
import { ComponentMeta, Story } from "@storybook/react"
import { MockAuditLog, MockAuditLog2 } from "testHelpers/entities"
import {
MockAuditLog,
MockAuditLog2,
MockAuditLogWithWorkspaceBuild,
} from "testHelpers/entities"
import { AuditLogRow, AuditLogRowProps } from "./AuditLogRow"

export default {
Expand Down Expand Up @@ -38,3 +42,8 @@ WithDiff.args = {
auditLog: MockAuditLog2,
defaultIsDiffOpen: true,
}

export const WithWorkspaceBuild = Template.bind({})
WithWorkspaceBuild.args = {
auditLog: MockAuditLogWithWorkspaceBuild,
}
8 changes: 8 additions & 0 deletions site/src/components/AuditLogRow/AuditLogRow.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,14 @@ const pillTypeByHttpStatus = (
}

const readableActionMessage = (auditLog: AuditLog) => {
// workspace builds audit logs don't have targets; therefore format them differently
if (auditLog.resource_type === "workspace_build") {
const substr = auditLog.description.trim().split(" ").pop() ?? ""
return auditLog.description
.replace("{user}", `<strong>${auditLog.user?.username}</strong>`)
.replace(substr, `<strong>${substr}</strong>`)
}

return auditLog.description
.replace("{user}", `<strong>${auditLog.user?.username}</strong>`)
.replace("{target}", `<strong>${auditLog.resource_target}</strong>`)
Expand Down
9 changes: 9 additions & 0 deletions site/src/testHelpers/entities.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -949,6 +949,15 @@ export const MockAuditLog2: TypesGen.AuditLog = {
},
}

export const MockAuditLogWithWorkspaceBuild: TypesGen.AuditLog = {
...MockAuditLog,
id: "f90995bf-4a2b-4089-b597-e66e025e523e",
request_id: "61555889-2875-475c-8494-f7693dd5d75b",
action: "stop",
resource_type: "workspace_build",
description: "{user} stopped workspace build for workspace test2",
}

export const MockWorkspaceQuota: TypesGen.WorkspaceQuota = {
user_workspace_count: 0,
user_workspace_limit: 100,
Expand Down